BreachForums, the notorious cybercrime marketplace that relaunched just over a month ago, has abruptly gone offline following explosive claims from threat actor ShinyHunters that the site has been compromised and is now controlled by international law enforcement agencies.
In a PGP-signed message posted on a Telegram channel, ShinyHunters alleged that both the forum’s infrastructure and its official PGP key are now in the hands of French law enforcement’s BL2C unit, operating in cooperation with the US Department of Justice (DOJ) and the FBI. The statement claims that administrator accounts, including those belonging to Hollow, ShinyHunters, and the “Founder” (allegedly a covert federal agent), have been seized.
@H4ckmanac | X
According to the message, the breach has exposed all private messages, plaintext passwords, IP addresses, email addresses, and other logged metadata collected since the forum’s July 1 relaunch. ShinyHunters also asserted that the forum’s source code has been modified to record all user activity, effectively converting the site into a honeypot designed to identify participants. Any future communications signed with the site’s official PGP key, the actor warned, should be considered fraudulent.
BreachForums, first launched in 2022 as a successor to the shuttered RaidForums, quickly became a central hub for trading stolen data, including credentials, internal corporate files, and personal records. The site has been linked to major data leaks affecting Dell, Apple, Ford, France Travail, and multiple healthcare and financial institutions. The platform’s previous administrator, “Pompompurin” (Conor Brian Fitzpatrick), was arrested in 2023, leading to a series of reappearances and leadership changes.
The July relaunch was announced just days after a sweeping French law enforcement operation on June 24, 2025, that resulted in the arrest of four alleged administrators: ShinyHunters, Hollow, Noct, and Depressed. Another high-profile member, IntelBroker (identified by US authorities as Kai West), had been arrested months earlier in connection with a $25 million cybercrime conspiracy. At the time, a figure identifying as “Jaw” claimed leadership of the forum and urged users not to reuse old identities, a move that some observers interpreted as a security precaution or a sign of a possible sting operation.
Internet Archive
ShinyHunters’ new statement appears to confirm the latter suspicion, warning that the forum will not return under legitimate control and that any reappearance should be treated as a law enforcement trap. The actor emphasized that their personal PGP key remains secure, providing a fingerprint to authenticate the message. Within hours of the announcement, BreachForums went offline.
Leave a Reply